
“The on-premises instances of Microsoft SharePoint are currently threatened by highly critical security vulnerabilities. This means action is required. Some of these vulnerabilities are already being actively exploited.”
Claudia Plattner, President of the BSI
Video message from the BSI
In a recent video message, the Federal Office for Information Security (BSI) issues an urgent warning about a new wave of attacks on on-premises instances of Microsoft SharePoint. In particular, the “ToolShell” vulnerability is already being actively exploited and threatens the IT security of companies, public authorities, and institutions in Germany.
Who is affected by the security vulnerability?
Only on-premises instances of SharePoint are at risk. Companies and organizations that use Microsoft SharePoint in the cloud (Microsoft 365) are, according to current assessments, not affected.
“It affects on-prem instances only. Those using the Microsoft Cloud for M365 are not affected. You don’t need to do anything.”
What needs to be done now?
The BSI provides clear recommendations in the video message:
- Check whether you are affected.
- Patch your on-prem SharePoint systems immediately!
“For all those responsible for the systems, on-prem: patch, patch, patch. I know I’m getting on your nerves, but it’s so important. And right now it’s more important than ever.”
- Carefully check whether your systems have already been compromised.
- Specifically for technical administrators: Also install the new Microsoft patches for SharePoint Enterprise Server 2016 and 2019.
- Check and, if necessary, replace ASP.NET Machine Keys:
“Please, please, please check the ASP.NET Machine Keys. That’s where you really need to take action. You have to replace them accordingly, because if something has gone wrong there and you are already compromised, you will otherwise find yourselves in troubled waters, as you simply won’t be able to get the attackers out of the system.”
Why is this so critical?
Cyberattacks can not only endanger sensitive data but also paralyze business processes and cause significant financial damage.
“This once again shows that cybersecurity is a must. There is no way around it. Otherwise, there is a real risk of significant economic damage.”
How does HONICON GmbH support you with cybersecurity?
We support companies, public authorities, and institutions from prevention through to recovery:
- BSI Cybersecurity-Check: We analyze your current security posture, identify vulnerabilities, and help implement the necessary measures – practical and in line with BSI standards.
- ISMS (Information Security Management System): From concept to full implementation – we work with you to build an efficient, sustainable ISMS that fits your organization.
- Identity management: Our experts support you in setting up and optimizing identity and access management systems so that you are also protected against future risks.
- Many years of project experience: Our best practices from numerous security projects inform every step.
Your IT security deserves expertise
Take action now!
The current threat situation requires decisive action. Get expert advice now, protect your company from significant damage, and benefit from our holistic experience in the field of cybersecurity and ISMS.
Schedule your non-binding consultation with our experts today:
